Frequent Positive and Negative Itemsets Approach for Network Intrusion Detection

Anis Suhailis Abdul Kadir, Azuraliza Abu Bakar, Abdul Razak Hamdan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recently there has been much interest in applying data mining to computer network intrusion detection. An accurate network traffic model is important for network stipulation, and significant knowledge is crucial for better accuracy in that model. This paper presents the use of a Frequent Positive and Negative (FPN) itemset approach for network traffic intrusion detection. The FPN approach generates strong positive and negative rules, which produce important knowledge for building an accurate network traffic model. Usually, frequent itemsets are generated based on the frequency of the presence of a particular item or itemset before the relevant rules are generated. In the FPN approach, however, frequent absent itemsets are introduced for negative association rules. The FPN approach has successfully enhanced the accuracy of the network traffic model by identifying volume anomaly. The experiments were performed on network traffic data at the Universiti Kebangsaan Malaysia. We also report experimental results for other algorithms such as Rough Set and Naive Bayes. The results demonstrate that the performance of the FPN approach is comparable with the results of other algorithms. Indeed, the FPN approach obtains better results compared to other algorithms, indicating that it is a promising approach to solving intrusion detection problems.

Original language: English
Title of host publication: Communications in Computer and Information Science
Publisher: Springer Verlag
Pages: 158-170
Number of pages: 13
Volume: 378 CCIS
ISBN (Print): 9783642405662
DOI: https://doi.org/10.1007/978-3-642-40567-9_14
Publication status: Published - 2013
Event: 2nd International Multi-Conference on Artificial Intelligence Technology, M-CAIT 2013 - Shah Alam
Duration: 28 Aug 2013 to 29 Aug 2013

Publication series

Name: Communications in Computer and Information Science
Volume: 378 CCIS
ISSN (Print): 1865-0929

Other

Other: 2nd International Multi-Conference on Artificial Intelligence Technology, M-CAIT 2013
City: Shah Alam
Period: 28/8/13 to 29/8/13

Fingerprint

Intrusion detection
Association rules
Computer networks
Data mining
Experiments

Keywords

  • associative classification
  • intrusion detection
  • negative association rule

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Abdul Kadir, A. S., Abu Bakar, A., & Hamdan, A. R. (2013). Frequent Positive and Negative Itemsets Approach for Network Intrusion Detection. In Communications in Computer and Information Science (Vol. 378 CCIS, pp. 158-170). (Communications in Computer and Information Science; Vol. 378 CCIS). Springer Verlag. https://doi.org/10.1007/978-3-642-40567-9_14
